Singularity

The Inner Workings of Securely Running User Containers on HPC Systems

Singularity is an open source container solution being developed specifically for HPC environments. With Singularity, HPC users can safely bring their own execution environments to the cluster. Unlike other container solutions, Singularity does not require root level permissions to run containers, which allows users to freely control what software stack they wish to use. Provisioning of a container image can be done locally on the user's machine or on Singularity Hub. The resulting image can then be securely executed on any machine with Singularity installed. Reproduction of results has never been easier: a user can now share a single Singularity image file that will ensure a consistent execution environment wherever it is run.

This presentation will provide an in-depth look at how Singularity is able to securely run user containers on HPC systems. After a brief introduction to Singularity and its relationship to other container solutions, the details of Singularity's runtime will be explored. The way that Singularity leverages Linux features such as namespaces, bind mounts, and SUID binaries will be discussed in further detail as well.